CVE-2025-13058

MEDIUM EPSS 12.0%
Published Nov 12, 20257mo ago · Modified Jun 17, 20261w ago
5.1 CVSS 4.0
Medium
Find Similar
Published Nov 12, 2025 7mo ago
Last Modified Jun 17, 2026 1w ago

Description

A security flaw has been discovered in soerennb eXtplorer up to 2.1.15. The affected element is an unknown function of the component Filename Handler. The manipulation results in cross site scripting. The attack may be launched remotely. The patch is identified as 002def70b985f7012586df2c44368845bf405ab3. Applying a patch is advised to resolve this issue.

CVSS Details

Base Score
5.1
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction P
Scope X

Threat Intelligence

EPSS Exploit Probability
12.0% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 2

CWE-79 Cross-site Scripting Injection
CWE-94 Improper Control of Generation of Code (Code Injection) Injection

Affected Products 1

VendorProductVersionRange
extplorerextplorer* ≤2.1.15

References 6

  • github.com https://github.com/soerennb/extplorer/
  • github.com https://github.com/soerennb/extplorer/commit/002def70b985f7012586df2c44368845bf405ab3
    Patch
  • github.com https://github.com/soerennb/extplorer/issues/33
    ExploitIssue Tracking
  • vuldb.com https://vuldb.com/?ctiid.332185
    Permissions RequiredVDB Entry
  • vuldb.com https://vuldb.com/?id.332185
    Third Party AdvisoryUS Government Resource
  • vuldb.com https://vuldb.com/?submit.682370
    Third Party AdvisoryUS Government Resource

Remediation

  • github.com https://github.com/soerennb/extplorer/commit/002def70b985f7012586df2c44368845bf405ab3
    Patch